Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kimap-20.08.2/autotests/storejobtest.cpp
Examining data/kimap-20.08.2/autotests/testrfccodecs.h
Examining data/kimap-20.08.2/autotests/appendjobtest.cpp
Examining data/kimap-20.08.2/autotests/deletejobtest.cpp
Examining data/kimap-20.08.2/autotests/testrfccodecs.cpp
Examining data/kimap-20.08.2/autotests/streamparsertest.cpp
Examining data/kimap-20.08.2/autotests/setmetadatajobtest.cpp
Examining data/kimap-20.08.2/autotests/subscribejobtest.cpp
Examining data/kimap-20.08.2/autotests/listjobtest.cpp
Examining data/kimap-20.08.2/autotests/movejobtest.cpp
Examining data/kimap-20.08.2/autotests/capabilitiesjobtest.cpp
Examining data/kimap-20.08.2/autotests/imapsettest.cpp
Examining data/kimap-20.08.2/autotests/idjobtest.cpp
Examining data/kimap-20.08.2/autotests/idlejobtest.cpp
Examining data/kimap-20.08.2/autotests/fetchjobtest.cpp
Examining data/kimap-20.08.2/autotests/getmetadatajobtest.cpp
Examining data/kimap-20.08.2/autotests/renamejobtest.cpp
Examining data/kimap-20.08.2/autotests/testsession.cpp
Examining data/kimap-20.08.2/autotests/unsubscribejobtest.cpp
Examining data/kimap-20.08.2/autotests/selectjobtest.cpp
Examining data/kimap-20.08.2/autotests/quotarootjobtest.cpp
Examining data/kimap-20.08.2/autotests/statusjobtest.cpp
Examining data/kimap-20.08.2/autotests/searchjobtest.cpp
Examining data/kimap-20.08.2/autotests/loginjobtest.cpp
Examining data/kimap-20.08.2/autotests/expungejobtest.cpp
Examining data/kimap-20.08.2/autotests/createjobtest.cpp
Examining data/kimap-20.08.2/autotests/fakeservertest.cpp
Examining data/kimap-20.08.2/autotests/logoutjobtest.cpp
Examining data/kimap-20.08.2/autotests/kimaptest/mockjob.cpp
Examining data/kimap-20.08.2/autotests/kimaptest/mockjob.h
Examining data/kimap-20.08.2/autotests/kimaptest/fakeserver.h
Examining data/kimap-20.08.2/autotests/kimaptest/fakeserver.cpp
Examining data/kimap-20.08.2/autotests/kimaptest/sslserver.cpp
Examining data/kimap-20.08.2/autotests/kimaptest/sslserver.h
Examining data/kimap-20.08.2/tests/testimapserver.cpp
Examining data/kimap-20.08.2/tests/testimapidle.cpp
Examining data/kimap-20.08.2/src/copyjob.cpp
Examining data/kimap-20.08.2/src/storejob.h
Examining data/kimap-20.08.2/src/setacljob.h
Examining data/kimap-20.08.2/src/sessionlogger.cpp
Examining data/kimap-20.08.2/src/setacljob.cpp
Examining data/kimap-20.08.2/src/myrightsjob.h
Examining data/kimap-20.08.2/src/expungejob.cpp
Examining data/kimap-20.08.2/src/deletejob.cpp
Examining data/kimap-20.08.2/src/response_p.h
Examining data/kimap-20.08.2/src/sessionuiproxy.cpp
Examining data/kimap-20.08.2/src/setmetadatajob.cpp
Examining data/kimap-20.08.2/src/deleteacljob.cpp
Examining data/kimap-20.08.2/src/expungejob.h
Examining data/kimap-20.08.2/src/deletejob.h
Examining data/kimap-20.08.2/src/statusjob.cpp
Examining data/kimap-20.08.2/src/listjob.h
Examining data/kimap-20.08.2/src/sessionlogger_p.h
Examining data/kimap-20.08.2/src/acljobbase.cpp
Examining data/kimap-20.08.2/src/rfccodecs.cpp
Examining data/kimap-20.08.2/src/setquotajob.h
Examining data/kimap-20.08.2/src/quotajobbase.h
Examining data/kimap-20.08.2/src/sessionuiproxy.h
Examining data/kimap-20.08.2/src/common.h
Examining data/kimap-20.08.2/src/closejob.cpp
Examining data/kimap-20.08.2/src/listjob.cpp
Examining data/kimap-20.08.2/src/logoutjob.cpp
Examining data/kimap-20.08.2/src/getquotajob.h
Examining data/kimap-20.08.2/src/appendjob.cpp
Examining data/kimap-20.08.2/src/searchjob.cpp
Examining data/kimap-20.08.2/src/deleteacljob.h
Examining data/kimap-20.08.2/src/namespacejob.h
Examining data/kimap-20.08.2/src/job.cpp
Examining data/kimap-20.08.2/src/subscribejob.h
Examining data/kimap-20.08.2/src/metadatajobbase.h
Examining data/kimap-20.08.2/src/capabilitiesjob.cpp
Examining data/kimap-20.08.2/src/loginjob.cpp
Examining data/kimap-20.08.2/src/copyjob.h
Examining data/kimap-20.08.2/src/metadatajobbase.cpp
Examining data/kimap-20.08.2/src/fetchjob.cpp
Examining data/kimap-20.08.2/src/session_p.h
Examining data/kimap-20.08.2/src/sessionthread_p.h
Examining data/kimap-20.08.2/src/movejob.h
Examining data/kimap-20.08.2/src/selectjob.h
Examining data/kimap-20.08.2/src/closejob.h
Examining data/kimap-20.08.2/src/listrightsjob.h
Examining data/kimap-20.08.2/src/getacljob.h
Examining data/kimap-20.08.2/src/imapset.cpp
Examining data/kimap-20.08.2/src/listrightsjob.cpp
Examining data/kimap-20.08.2/src/subscribejob.cpp
Examining data/kimap-20.08.2/src/idlejob.cpp
Examining data/kimap-20.08.2/src/getquotarootjob.h
Examining data/kimap-20.08.2/src/selectjob.cpp
Examining data/kimap-20.08.2/src/appendjob.h
Examining data/kimap-20.08.2/src/imapstreamparser.cpp
Examining data/kimap-20.08.2/src/acl.cpp
Examining data/kimap-20.08.2/src/imapset.h
Examining data/kimap-20.08.2/src/loginjob.h
Examining data/kimap-20.08.2/src/fetchjob.h
Examining data/kimap-20.08.2/src/idjob.h
Examining data/kimap-20.08.2/src/movejob.cpp
Examining data/kimap-20.08.2/src/getmetadatajob.h
Examining data/kimap-20.08.2/src/logoutjob.h
Examining data/kimap-20.08.2/src/job_p.h
Examining data/kimap-20.08.2/src/createjob.h
Examining data/kimap-20.08.2/src/rfccodecs.h
Examining data/kimap-20.08.2/src/getquotarootjob.cpp
Examining data/kimap-20.08.2/src/setquotajob.cpp
Examining data/kimap-20.08.2/src/renamejob.h
Examining data/kimap-20.08.2/src/acljobbase_p.h
Examining data/kimap-20.08.2/src/renamejob.cpp
Examining data/kimap-20.08.2/src/imapstreamparser.h
Examining data/kimap-20.08.2/src/namespacejob.cpp
Examining data/kimap-20.08.2/src/unsubscribejob.h
Examining data/kimap-20.08.2/src/session.h
Examining data/kimap-20.08.2/src/sessionthread.cpp
Examining data/kimap-20.08.2/src/getacljob.cpp
Examining data/kimap-20.08.2/src/capabilitiesjob.h
Examining data/kimap-20.08.2/src/myrightsjob.cpp
Examining data/kimap-20.08.2/src/metadatajobbase_p.h
Examining data/kimap-20.08.2/src/acljobbase.h
Examining data/kimap-20.08.2/src/idlejob.h
Examining data/kimap-20.08.2/src/unsubscribejob.cpp
Examining data/kimap-20.08.2/src/quotajobbase.cpp
Examining data/kimap-20.08.2/src/getmetadatajob.cpp
Examining data/kimap-20.08.2/src/storejob.cpp
Examining data/kimap-20.08.2/src/getquotajob.cpp
Examining data/kimap-20.08.2/src/idjob.cpp
Examining data/kimap-20.08.2/src/quotajobbase_p.h
Examining data/kimap-20.08.2/src/setmetadatajob.h
Examining data/kimap-20.08.2/src/createjob.cpp
Examining data/kimap-20.08.2/src/acl.h
Examining data/kimap-20.08.2/src/session.cpp
Examining data/kimap-20.08.2/src/searchjob.h
Examining data/kimap-20.08.2/src/job.h
Examining data/kimap-20.08.2/src/statusjob.h

FINAL RESULTS:

data/kimap-20.08.2/src/rfccodecs.cpp:556:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(latin_us, str.toLatin1().constData());
data/kimap-20.08.2/autotests/kimaptest/fakeserver.cpp:145:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  file.open(QFile::ReadOnly);
data/kimap-20.08.2/autotests/streamparsertest.cpp:58:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  socket.open(QBuffer::WriteOnly);
data/kimap-20.08.2/autotests/streamparsertest.cpp:62:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  readSocket.open(QBuffer::ReadOnly);
data/kimap-20.08.2/autotests/streamparsertest.cpp:90:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  socket.open(QBuffer::WriteOnly);
data/kimap-20.08.2/autotests/streamparsertest.cpp:95:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  readSocket.open(QBuffer::ReadOnly);
data/kimap-20.08.2/autotests/streamparsertest.cpp:131:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  socket.open(QBuffer::WriteOnly);
data/kimap-20.08.2/autotests/streamparsertest.cpp:135:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  readSocket.open(QBuffer::ReadOnly);
data/kimap-20.08.2/src/rfccodecs.cpp:43:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char especials[17] = "()<>@,;:\"/[]?.= ";
data/kimap-20.08.2/src/rfccodecs.cpp:60:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char base64[256], utf8[6];
data/kimap-20.08.2/src/sessionlogger.cpp:26:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!m_file.open(QFile::WriteOnly)) {
data/kimap-20.08.2/src/loginjob.cpp:108:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  interact->len = strlen((const char *) interact->result);
data/kimap-20.08.2/src/loginjob.cpp:115:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  interact->len = strlen((const char *) interact->result);
data/kimap-20.08.2/src/loginjob.cpp:120:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  interact->len = strlen((const char *) interact->result);

ANALYSIS SUMMARY:

Hits = 14
Lines analyzed = 18633 in approximately 0.50 seconds (37585 lines/second)
Physical Source Lines of Code (SLOC) = 12343
Hits@level = [0] 2 [1] 3 [2] 10 [3] 0 [4] 1 [5] 0
Hits@level+ = [0+] 16 [1+] 14 [2+] 11 [3+] 1 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 1.29628 [1+] 1.13425 [2+] 0.891193 [3+] 0.0810176 [4+] 0.0810176 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.